It is a bit stupid to rant about the fact that MS have finally produced a fully compliant TCP/IP stack, isn't it? If he's going to rant about this sort of stuff, he should rant about the poor default security etc...

quote:It is incredibly fortuitous for the Internet that the massive population of Windows-based machines has never enjoyed this complete "Unix Sockets" support which is so prone to abuse. But the very bad news is . . .

This has horribly changed for the worse with the release of Windows 2000 and the pending release of Windows XP.

For no good reason whatsoever, Microsoft has equipped Windows 2000 and XP with the ability FOR ANY APPLICATION to generate incredibly malicious Internet traffic, including spoofed source IP's and SYN-flooding full scale Denial of Service (DoS) attacks! (See my WinXP & DoS Page.)

Damned if they do, damned if they don't? I can think of one good reason. It might facilitate porting of such tools as nmap (without requiring separate raw packet drivers, as the current nmapNT port requires, which brings with it certain limitations).

It has been possible to send raw packets from Windows (even in 9x) -- albeit through a different mechanism -- so this ability isn't new. If someone wanted to do it, they could do so.

No shit. If they compromise a box they could just as easily install a packet driver or other software as part of their script. So MS finally puts in the entire spec and they get slammed for using open standards by El Reg, surprise surprise.

ok... is it just me, or does anyone else have the desire to write a zombie/bot killer. If the bots can download and install the Sub7 trojan, they could just as easily download and install your BotKiller trojan, that would effectively remove them.

Then you just need a set of tools like Gibson wrote that would watch, transfer to new IRC channels, find new bots... and effectively "hunt" for bots and then kill them....

He's a complete white-hat, but he's obviously pissed off, and slamming XP is a great way to spread his ire.

Having said that, perhaps he has a point. Some kind of "suicide pill" mechanism for XP Home Edition that installed via the home networking wizard, and stopped sending packets to a specific address if it asked. Is there an RFC for some kind of cancel packet on IP?

quote:ok... is it just me, or does anyone else have the desire to write a zombie/bot killer

hmmm <me rubs chin thoughtfully>

That would be a most excellent thing to do. Can you imagine the reaction of all the Shit Kiddies? They would soil themselves when they realised that the real pros were writing hunter-killer whitehat bots ;P